You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Does this library have any protection or mitigation against email address enumeration?
With PASSWORDLESS_REGISTER_NEW_USERS set to False, and emails sent synchronously, I would expect the response time to be higher for a registered vs an unregistered user. This type of attack may also be possible even if email is sent asynchronously.
If not does anyone have a clean way to mitigate email enumeration while using this library?
The text was updated successfully, but these errors were encountered:
neilbags
changed the title
Timing attacks for username/email enumeration
Timing attacks for email enumeration
May 13, 2022
Does this library have any protection or mitigation against email address enumeration?
With PASSWORDLESS_REGISTER_NEW_USERS set to False, and emails sent synchronously, I would expect the response time to be higher for a registered vs an unregistered user. This type of attack may also be possible even if email is sent asynchronously.
If not does anyone have a clean way to mitigate email enumeration while using this library?
The text was updated successfully, but these errors were encountered: